About Bravura Security Fabric

The Bravura Security Fabric is an integrated solution for identity and access management (IAM). It streamlines and secures the management of identities, security entitlements and credentials across systems and applications, on-premises and in the cloud. Organizations deploy the Bravura Security Fabric to strengthen controls, meet regulatory and audit requirements, improve IT service and reduce IT operating costs.

The Bravura Security Fabric is designed as IAM middleware in the sense that it presents a uniform user interface and a consolidated set of business processes to manage user objects, identity attributes, security rights and credentials across multiple systems and platforms.

Bravura Security Fabric includes several functional identity management and access governance modules, described in the table below. Symbols in this table indicate that the marked content applies to specific product licenses:

bpa-icon Bravura Privilege | Identity icon Bravura Identity | Pass icon Bravura Pass

License	Module	Feature
	Bravura Identity	Manage identities, accounts, groups and roles: automation, requests, approvals, reviews, SoD and RBAC. Monitoring systems of record to update user profiles and automatically requesting matching changes to identities and access rights. A portal where users may requests changes to identities and access rights, with advanced search and access controls. Workflow to route change requests to authorizers and implementers. Analytics, including risk scores and SoD.
	Access Certifier	Periodic review and cleanup of security entitlements including accounts, groups, roles and SoD, including: Delegating review of access rights, policy configuration and identity attributes to business stake-holders. Engagement with managers, resource owners and policy owners.
	Access Certifier (limited license)	The limited license allows for periodic review and cleanup of groups.
	Bravura Group	Full lifecycle management of groups and memberships, including: Self-service and delegated requests for access to groups. Self-service and delegated requests for access to network resources.
	Bravura Group (limited license)	The limited license includes self-service and delegated requests for access to groups.
	Org manager	Delegated construction and maintenance of OrgChart data. The Bravura Identity license includes: Delegating the construction and maintenance of manager/subordinate relationships to managers. Read/write integration with directories and HR systems.
	Org manager (limited license)	Viewing of manager/subordinate relationships to managers. Read/write integration with directories and HR systems.
	Bravura Pass	Integrated credential management: Passwords, security questions, certificates, tokens, smart cards and biometrics, including: Password synchronization, via browser or by intercepting native password changes. Self-service and assisted reset of passwords and PINs. Self-service unlock of encrypted drives, where users may have forgotten a pre-boot password. Access from anywhere - browser, smart phone app, voice phone call, PC login screen, pre-boot password prompt, on-premises or off-site. Two factor authentication for all users, using either existing credentials (RSA, etc.) or by introducing new mechanisms, such as browser fingerprinting, sending a PIN to the user’s phone or an included smart phone app. Federated access via a Security Assertions Markup Language (SAML) identity provider (IdP) to compatible applications. Managed enrollment of security questions, mobile phone numbers, etc.
	Phone Password Manager (IVR)	Telephone self service for passwords and tokens. The Bravura Pass license includes: Turn-key telephony-enabled password and PIN reset, including for RSA SecurID tokens. Self-service unlock for forgotten pre-boot drive encryption passwords. Authentication with either numeric security questions or voice print biometrics. Support for multiple spoken languages.
	Bravura Privilege	Securing access to administrator, embedded and service accounts. The full license includes: Automatically discover and classify systems, accounts, groups and services to manage. Periodically randomize and vault passwords to privileged accounts. Authenticate, authorize and log user access to privileged accounts and groups, including built-in 2FA for all users. Provide account access to resources through regulated disclosure methods. Orchestrate changes to service account and embedded account passwords. Discover, analyze and modify SSH trust relationships. Risk scores and analytics, at request time and after the fact. Record sessions (video, keylog, etc.) with search and playback. Temporary group membership Approvals process The ability to run commands on multiple systems Temporary group membership A large variety of access disclosure plugins to utilize The ability to create push and local workstation service managed system policies
	Bravura Privilege (limited license)	A limited license includes: The ability to manage target administrator credentials Frequent password randomization eliminating static, shared passwords and controls former IT staff knowledge of passwords The ability to run scripts on managed systems Access controls to limit who can see passwords The ability to create vault-only managed systems and policies Logging and reporting of access disclosure Encryption, which secures passwords in storage and transit so that physical compromise will not expose passwords Replication, which ensures passwords are stored on multiple servers in different sites so that password access and security survives server failures or site disasters

See License information for information about the difference between feature-specific licensing and resource licensing, and monitoring and maintaining license limits.

The relationships between the Bravura Security Fabric licensed modules are illustrated below:

In this section:

About Bravura Security Fabric

Search results